Thesis Details
Improvement of Adversarial Classification in Behavioral Analysis of Network Traffic Intended for Targeted Attack Detection
In this work, we study ways to improve the performance of network intrusion detectors. Specifically, we focus on behavioral analysis, which uses features extracted from individual network connections. Such data is used by the described framework for the obfuscation of targeted network attacks that exploit a set of contemporary vulnerable services. We select the vulnerable services by scraping the National Vulnerability Database (NVD) of NIST, limiting the search to the years 2018 and 2019. As a result, we create a novel dataset consisting of direct and obfuscated attacks executed against the selected vulnerable services, together with their legitimate-traffic counterparts. We evaluate the dataset using several classification techniques and demonstrate the importance of training these classifiers on obfuscated attacks in order to prevent evasion of the classifiers (i.e., false negatives). Finally, we perform a cross-dataset evaluation using the state-of-the-art ASNM-NPBO dataset and our dataset. The results indicate the importance of retraining the classifiers on the novel vulnerabilities while still preserving a high detection performance on attacks against older vulnerabilities.
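As an added illustration of the evaluation the abstract describes, and not code or data from the thesis: a minimal Gaussian naive Bayes classifier is trained on constructed per-connection features, once on direct attacks only and once on direct plus obfuscated attacks. The feature profiles, the four features chosen, and the assumed effect of obfuscation (spreading packets over time and padding with filler traffic moves timing and volume features into the legitimate range while payload-derived features stay attack-like) are assumptions made for this example; the ASNM feature set and the thesis's classifiers are different.

```python
import math
import random
from statistics import mean, pvariance

# Constructed per-connection feature profiles (mean, std) for illustration only;
# these are NOT the thesis dataset or the ASNM feature set. Feature order:
#   0: mean packet inter-arrival time [s]
#   1: packet count
#   2: client-to-server byte ratio
#   3: payload byte entropy [bits]
# Assumption: obfuscation (spreading packets over time, padding with filler
# traffic) moves timing and volume features into the legitimate range while
# leaving the payload-derived features close to the direct attack.
PROFILES = {
    "legit":      ((0.50, 0.100), (40, 8), (0.30, 0.05), (4.5, 0.3)),
    "direct":     ((0.01, 0.003), (8, 2),  (0.80, 0.05), (7.0, 0.3)),
    "obfuscated": ((0.50, 0.100), (40, 8), (0.75, 0.05), (6.8, 0.3)),
}
LEGIT, ATTACK = 0, 1


def sample(rng, profile, n):
    """Draw n synthetic feature vectors from a named profile."""
    return [[rng.gauss(m, s) for m, s in PROFILES[profile]] for _ in range(n)]


class GaussianNB:
    """Minimal Gaussian naive Bayes, a stand-in for the thesis's classifiers."""

    def fit(self, X, y):
        self.classes = sorted(set(y))
        self.log_prior, self.mu, self.var = {}, {}, {}
        for c in self.classes:
            rows = [x for x, label in zip(X, y) if label == c]
            self.log_prior[c] = math.log(len(rows) / len(X))
            cols = list(zip(*rows))
            self.mu[c] = [mean(col) for col in cols]
            # a small floor keeps a near-constant feature from yielding zero variance
            self.var[c] = [pvariance(col) + 1e-9 for col in cols]
        return self

    def log_posterior(self, x, c):
        lp = self.log_prior[c]
        for xi, m, v in zip(x, self.mu[c], self.var[c]):
            lp += -0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
        return lp

    def predict(self, x):
        return max(self.classes, key=lambda c: self.log_posterior(x, c))


def error_rate(model, X, true_label):
    """Fraction of X misclassified: FNR when X are attacks, FPR when X is legitimate."""
    return sum(1 for x in X if model.predict(x) != true_label) / len(X)


def run_experiment(seed=7, n=200):
    """Train without and with obfuscated attacks; report error rates per traffic kind."""
    rng = random.Random(seed)
    train = {k: sample(rng, k, n) for k in PROFILES}
    test = {k: sample(rng, k, n) for k in PROFILES}

    # Model A: the attack class in training contains direct attacks only.
    model_a = GaussianNB().fit(train["legit"] + train["direct"],
                               [LEGIT] * n + [ATTACK] * n)
    # Model B: the attack class also contains obfuscated variants of the attacks.
    model_b = GaussianNB().fit(train["legit"] + train["direct"] + train["obfuscated"],
                               [LEGIT] * n + [ATTACK] * (2 * n))

    results = {}
    for name, model in (("direct_only", model_a), ("with_obfuscated", model_b)):
        results[name] = {
            "legit_fpr": error_rate(model, test["legit"], LEGIT),
            "direct_fnr": error_rate(model, test["direct"], ATTACK),
            "obfuscated_fnr": error_rate(model, test["obfuscated"], ATTACK),
        }
    return results


if __name__ == "__main__":
    for name, rates in run_experiment().items():
        print(name, {k: round(v, 3) for k, v in rates.items()})
```

Running the block prints both models' rates; the column to watch is obfuscated_fnr. The model that never saw obfuscated attacks learns that "attack" means fast, short connections and misses every obfuscated one (an evasion the abstract counts as false negatives), while the model retrained with obfuscated samples detects them and still detects the direct attacks, which is the retraining trade-off the abstract describes.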
IDS, adversarial classification, behavioral network traffic analysis, classification intrusion detection system, NPBO, ASNM
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT), member
Holík Lukáš, doc. Mgr., Ph.D. (DITS FIT BUT), member
Kořenek Jan, doc. Ing., Ph.D. (DCSY FIT BUT), member
Malinka Kamil, Mgr., Ph.D. (DITS FIT BUT), member
Polčák Libor, Ing., Ph.D. (DIFS FIT BUT), member
@mastersthesis{FITMT22643,
  author   = "Ond\v{r}ej Sedlo",
  type     = "Master's thesis",
  title    = "Improvement of Adversarial Classification in Behavioral Analysis of Network Traffic Intended for Targeted Attack Detection",
  school   = "Brno University of Technology, Faculty of Information Technology",
  year     = 2020,
  location = "Brno, CZ",
  language = "english",
  url      = "https://www.fit.vut.cz/study/thesis/22643/"
}